diff --git a/2001/1xxx/CVE-2001-1312.json b/2001/1xxx/CVE-2001-1312.json index bdafb4e4e98..b4b7fc6fe5e 100644 --- a/2001/1xxx/CVE-2001-1312.json +++ b/2001/1xxx/CVE-2001-1312.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-2001-18", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-18.html" - }, - { - "name" : "L-116", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" - }, - { - "name" : "VU#583184", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/583184" - }, - { - "name" : "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8", - "refsource" : "CONFIRM", - "url" : "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8" - }, - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" - }, - { - 
"name" : "domino-ldap-protos-format-string(6896)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6896" - }, - { - "name" : "3042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8", + "refsource": "CONFIRM", + "url": "http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8" + }, + { + "name": "CA-2001-18", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-18.html" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" + }, + { + "name": "L-116", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" + }, + { + "name": "VU#583184", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/583184" + }, + { + "name": "3042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3042" + }, + { + "name": "domino-ldap-protos-format-string(6896)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6896" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2401.json b/2006/2xxx/CVE-2006-2401.json index 7805e573bbd..772c2b1046f 100644 --- a/2006/2xxx/CVE-2006-2401.json +++ b/2006/2xxx/CVE-2006-2401.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060512 Multiple vulnerabilities in Outgun 1.0.3 bot 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433932/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/outgunx-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/outgunx-adv.txt" - }, - { - "name" : "17985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17985" - }, - { - "name" : "ADV-2006-1796", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1796" - }, - { - "name" : "20098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20098" - }, - { - "name" : "898", - "refsource" : "SREASON", - 
"url" : "http://securityreason.com/securityalert/898" - }, - { - "name" : "outgun-leetnet-message-dos(26512)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "outgun-leetnet-message-dos(26512)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26512" + }, + { + "name": "20060512 Multiple vulnerabilities in Outgun 1.0.3 bot 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433932/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/outgunx-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/outgunx-adv.txt" + }, + { + "name": "898", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/898" + }, + { + "name": "20098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20098" + }, + { + "name": "17985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17985" + }, + { + "name": "ADV-2006-1796", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1796" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2415.json b/2006/2xxx/CVE-2006-2415.json index d7644569228..6292c2dc063 100644 --- a/2006/2xxx/CVE-2006-2415.json +++ b/2006/2xxx/CVE-2006-2415.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/05/flexchat-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/05/flexchat-xss.html" - }, - { - "name" : "ADV-2006-1804", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1804" - }, - { - "name" : "25504", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25504" - }, - { - "name" : "25505", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25505" - }, - { - "name" : "1016104", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016104" - }, - { - "name" : "20101", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20101" - }, - { - "name" : "flexchat-index-chat-xss(26429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/05/flexchat-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/05/flexchat-xss.html" + }, + { + "name": "flexchat-index-chat-xss(26429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26429" + }, + { + "name": "20101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20101" + }, + { + "name": "25504", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25504" + }, + { + "name": "ADV-2006-1804", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1804" + }, + { + "name": "1016104", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016104" + }, + { + "name": "25505", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25505" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2443.json b/2006/2xxx/CVE-2006-2443.json index 93f01c90561..482287b1285 100644 --- a/2006/2xxx/CVE-2006-2443.json +++ b/2006/2xxx/CVE-2006-2443.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348306", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348306", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348306" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2827.json b/2006/2xxx/CVE-2006-2827.json index a6af0d2b175..0779b089a44 100644 --- a/2006/2xxx/CVE-2006-2827.json +++ b/2006/2xxx/CVE-2006-2827.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the \"Search for pattern\" field, when the settings specify only \"Search in Detailed description\" and \"Search also in ISBN.\" NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying \"the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters.\" As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html" - }, - { - "name" : "25204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25204" - }, - { - "name" : "xcart-search-sql-injection(25944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the \"Search for pattern\" field, when the settings specify only \"Search in Detailed description\" and \"Search also in ISBN.\" NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying \"the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters.\" As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/x-cart-sql-inj-vuln.html" + }, + { + "name": "xcart-search-sql-injection(25944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25944" + }, + { + "name": "25204", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25204" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2982.json b/2006/2xxx/CVE-2006-2982.json index 4048bbae838..9e348425c6c 100644 --- a/2006/2xxx/CVE-2006-2982.json +++ b/2006/2xxx/CVE-2006-2982.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1891", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1891" - }, - { - "name" : "18364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18364" - }, - { - "name" : "ADV-2006-2219", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2219" - }, - { - "name" : "26266", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26266" - }, - { - "name" : "1016258", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016258" - }, - { - "name" : "20522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20522" - }, - { - "name" : 
"eps-absolutepath-file-include(27024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18364" + }, + { + "name": "1016258", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016258" + }, + { + "name": "20522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20522" + }, + { + "name": "26266", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26266" + }, + { + "name": "ADV-2006-2219", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2219" + }, + { + "name": "eps-absolutepath-file-include(27024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27024" + }, + { + "name": "1891", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1891" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3475.json b/2006/3xxx/CVE-2006-3475.json index 032f4b9db51..5878251b2d7 100644 --- a/2006/3xxx/CVE-2006-3475.json +++ b/2006/3xxx/CVE-2006-3475.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060702 free QBoard v1.1 Multiple Remote File include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438951/100/0/threaded" - }, - { - "name" : "20061201 freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453293/100/0/threaded" - }, - { - "name" : "18788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18788" - }, - { - "name" : "21394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21394" - }, - { - "name" : "28059", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/28059" - }, - { - "name" : "28060", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28060" - }, - { - "name" : "28061", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28061" - }, - { - "name" : "28062", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28062" - }, - { - "name" : "28063", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28063" - }, - { - "name" : "28064", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28064" - }, - { - "name" : "28065", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28065" - }, - { - "name" : "1016433", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016433" - }, - { - "name" : "1233", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1233" - }, - { - "name" : "freeqboard-multiple-scripts-file-include(27040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18788" + }, + { + "name": "28059", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28059" + }, + { + "name": "28064", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28064" + }, + { + "name": "20060702 free QBoard v1.1 Multiple Remote File include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438951/100/0/threaded" + }, + { + "name": "28060", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28060" + }, + { + "name": "28062", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28062" + }, + { + "name": "freeqboard-multiple-scripts-file-include(27040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27040" + }, + { + "name": "28065", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28065" + }, + { + "name": "28063", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28063" + }, + { + "name": "20061201 freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453293/100/0/threaded" + }, + { + "name": "1233", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1233" + }, + { + "name": "1016433", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016433" + }, + { + "name": "21394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21394" + }, + { + "name": "28061", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28061" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3667.json b/2006/3xxx/CVE-2006-3667.json index b3c996634fa..5b7a1d403b5 100644 --- a/2006/3xxx/CVE-2006-3667.json +++ b/2006/3xxx/CVE-2006-3667.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sybase.com/detail?id=1041431", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1041431" - }, - { - "name" : "19076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19076" - }, - { - "name" : "ADV-2006-2881", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2881" - }, - { - "name" : "1016533", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016533" - }, - { - "name" : "21004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sybase/Financial 
Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sybase.com/detail?id=1041431", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1041431" + }, + { + "name": "21004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21004" + }, + { + "name": "ADV-2006-2881", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2881" + }, + { + "name": "19076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19076" + }, + { + "name": "1016533", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016533" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3946.json b/2006/3xxx/CVE-2006-3946.json index 1348a45052a..ce2ce1501d2 100644 --- a/2006/3xxx/CVE-2006-3946.json +++ b/2006/3xxx/CVE-2006-3946.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html" - }, - { - "name" : "APPLE-SA-2006-09-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" - }, - { - "name" : "19250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19250" - }, - { - "name" : "ADV-2006-3069", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3069" - }, - { - "name" : "ADV-2006-3852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3852" - }, - { - "name" : "27534", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27534" - }, - { - "name" : "1016957", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016957" - }, - { - "name" : "21271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21271" - }, - { - "name" : "22187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22187" - }, - { - "name" : "safari-khtmlparser-code-execution(28081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a \"memory management error\" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html" + }, + { + "name": "safari-khtmlparser-code-execution(28081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28081" + }, + { + "name": "22187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22187" + }, + { + "name": "ADV-2006-3852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3852" + }, + { + "name": "27534", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27534" + }, + { + "name": "21271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21271" + }, + { + "name": "APPLE-SA-2006-09-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" + }, + { + "name": "19250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19250" + }, + { + "name": "1016957", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016957" + }, + { + "name": "ADV-2006-3069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3069" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3976.json b/2006/3xxx/CVE-2006-3976.json index 7b9e0059ab2..e1768e22e64 100644 --- a/2006/3xxx/CVE-2006-3976.json +++ b/2006/3xxx/CVE-2006-3976.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060804 CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442244/100/0/threaded" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509" - }, - { - "name" : "ADV-2006-3166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3166" - }, - { - "name" : "1016637", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016637" - }, - { - "name" : "21320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3166" + }, + { + "name": "20060804 CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442244/100/0/threaded" + }, + { + "name": "1016637", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016637" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509" + }, + { + "name": "21320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21320" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6056.json b/2006/6xxx/CVE-2006-6056.json index 4aa4a85f45e..20f4a47aee0 100644 --- a/2006/6xxx/CVE-2006-6056.json +++ b/2006/6xxx/CVE-2006-6056.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070615 rPSA-2007-0124-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471457" - }, - { - "name" : "http://projects.info-pull.com/mokb/MOKB-14-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-14-11-2006.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" - }, - { - "name" : "DSA-1304", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1304" - }, - { - "name" : 
"MDKSA-2007:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" - }, - { - "name" : "MDKSA-2007:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:078" - }, - { - "name" : "RHSA-2007:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-416-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-416-1" - }, - { - "name" : "oval:org.mitre.oval:def:9949", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9949" - }, - { - "name" : "23997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23997" - }, - { - "name" : "22887", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22887" - }, - { - "name" : "24098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24098" - }, - { - "name" : "24206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24206" - }, - { - "name" : "24482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24482" - }, - { - "name" : "24777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24777" - }, - { - "name" : "25714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25714" - }, - { - "name" : "25691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25691" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - }, - { - "name" : "linux-superblockdoinit-dos(30278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24098" + }, + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "MDKSA-2007:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:078" + }, + { + "name": "RHSA-2007:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html" + }, + { + "name": "24777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24777" + }, + { + "name": "oval:org.mitre.oval:def:9949", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9949" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" + }, + { + "name": "USN-416-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-416-1" + }, + { + "name": "22887", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22887" + }, + { + "name": "24206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24206" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "23997", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/23997" + }, + { + "name": "20070615 rPSA-2007-0124-1 kernel xen", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471457" + }, + { + "name": "http://projects.info-pull.com/mokb/MOKB-14-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-14-11-2006.html" + }, + { + "name": "24482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24482" + }, + { + "name": "linux-superblockdoinit-dos(30278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30278" + }, + { + "name": "DSA-1304", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1304" + }, + { + "name": "25714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25714" + }, + { + "name": "25691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25691" + }, + { + "name": "MDKSA-2007:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6179.json b/2006/6xxx/CVE-2006-6179.json index 0fb18c585e9..7deba6747d7 100644 --- a/2006/6xxx/CVE-2006-6179.json +++ b/2006/6xxx/CVE-2006-6179.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", - "refsource" : "CONFIRM", - "url" : "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753" - }, - { - "name" : "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", - "refsource" : "MISC", - "url" : "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt" - }, - { - "name" : "21442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21442" - }, - { - "name" : "ADV-2006-4852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PCCSRV\\Web_console\\RemoteInstallCGI\\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4852" + }, + { + "name": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt", + "refsource": "MISC", + "url": "http://solutionfile.trendmicro.com/SolutionFile/1031753/en/Hotfix_Readme_OSCE7_3_B1089.txt" + }, + { + "name": "21442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21442" + }, + { + "name": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753", + "refsource": "CONFIRM", + "url": "http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1031753" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6923.json b/2006/6xxx/CVE-2006-6923.json index 9aed76dc8da..533f292a4bb 100644 --- a/2006/6xxx/CVE-2006-6923.json +++ b/2006/6xxx/CVE-2006-6923.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 bitweaver <=1.3.1 [injection sql (post) & xss (post)]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html" - }, - { - "name" : "20988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20988" - }, - { - "name" : "20996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20996" - }, - { - "name" : "ADV-2006-4485", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4485" - }, - { - "name" : "2144", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4485", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4485" + }, + { + "name": "20996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20996" + }, + { + "name": "20988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20988" + }, + { + "name": "20061106 bitweaver <=1.3.1 [injection sql (post) & xss (post)]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html" + }, + { + "name": "2144", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2144" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7079.json b/2006/7xxx/CVE-2006-7079.json index 0cad064801b..f5260453d8e 100644 --- a/2006/7xxx/CVE-2006-7079.json +++ b/2006/7xxx/CVE-2006-7079.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2415", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2415" - }, - { - "name" : "20161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20161" - }, - { - "name" : "exv2-commmon-command-execute(29116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program 
variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2415", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2415" + }, + { + "name": "20161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20161" + }, + { + "name": "exv2-commmon-command-execute(29116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29116" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0404.json b/2011/0xxx/CVE-2011-0404.json index 5c68fa1ffff..67bc8404ca2 100644 --- a/2011/0xxx/CVE-2011-0404.json +++ b/2011/0xxx/CVE-2011-0404.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15937", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15937" - }, - { - "name" : "16838", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16838" - }, - { - "name" : "20110108 NetSupport Manager Agent Remote Buffer Overflow (Linux, Solaris, Mac, ...)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0090.html" - }, - { - "name" : "http://www.ikkisoft.com/stuff/netsupport_linux.txt", - "refsource" : "MISC", - "url" : "http://www.ikkisoft.com/stuff/netsupport_linux.txt" - }, - { - "name" : "45728", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/45728" - }, - { - "name" : "70408", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70408" - }, - { - "name" : "1024943", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024943" - }, - { - "name" : "42794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42794" - }, - { - "name" : "ADV-2011-0062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0062" - }, - { - "name" : "netsupport-manager-client-bo(64546)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0062" + }, + { + "name": "15937", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15937" + }, + { + "name": "70408", + "refsource": "OSVDB", + "url": "http://osvdb.org/70408" + }, + { + "name": "1024943", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024943" + }, + { + "name": "45728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45728" + }, + { + "name": "netsupport-manager-client-bo(64546)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64546" + }, + { + "name": "http://www.ikkisoft.com/stuff/netsupport_linux.txt", + "refsource": "MISC", + "url": "http://www.ikkisoft.com/stuff/netsupport_linux.txt" + }, + { + "name": "16838", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16838" + }, + { + "name": "20110108 NetSupport Manager Agent Remote Buffer Overflow (Linux, Solaris, Mac, ...)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0090.html" + }, + { + "name": "42794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42794" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0729.json b/2011/0xxx/CVE-2011-0729.json index 8032ac8ce56..afe1c885c2e 100644 --- a/2011/0xxx/CVE-2011-0729.json +++ b/2011/0xxx/CVE-2011-0729.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ubuntuupdates.org/packages/show/307975", - "refsource" : "CONFIRM", - "url" : "http://www.ubuntuupdates.org/packages/show/307975" - }, - { - "name" : "https://launchpad.net/bugs/764397", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/764397" - }, - { - "name" : "https://launchpad.net/ubuntu/+source/language-selector/0.6.7", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/ubuntu/+source/language-selector/0.6.7" - }, - { - "name" : "USN-1115-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1115-1/" - }, - { - "name" : "47502", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/47502" - }, - { - "name" : "44214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44214" - }, - { - "name" : "ADV-2011-1032", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://launchpad.net/bugs/764397", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/764397" + }, + { + "name": "44214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44214" + }, + { + "name": "http://www.ubuntuupdates.org/packages/show/307975", + "refsource": "CONFIRM", + "url": "http://www.ubuntuupdates.org/packages/show/307975" + }, + { + "name": "https://launchpad.net/ubuntu/+source/language-selector/0.6.7", + "refsource": "CONFIRM", + "url": "https://launchpad.net/ubuntu/+source/language-selector/0.6.7" + }, + { + "name": "ADV-2011-1032", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1032" + }, + { + "name": "47502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47502" + }, + { + "name": "USN-1115-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1115-1/" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0746.json b/2011/0xxx/CVE-2011-0746.json index cea572aa3f2..26b767bb7ee 100644 
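Review bot: `ASSIGNER` changes from `cve@mitre.org` to `security@ubuntu.com` in this hunk, the only value change among the whitespace-and-ordering rewrites in this part of the diff, and it is easy to miss among the reformatted lines. Consumers that attribute or filter records by assigning CNA will see this record move. The change therefore deserves its own commit, or at least a line in the commit message stating the source of the reassignment. The references (USN-1115-1 and the Launchpad entries) are consistent with an Ubuntu-assigned ID, but nothing in the hunk documents why the field changed.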
--- a/2011/0xxx/CVE-2011-0746.json +++ b/2011/0xxx/CVE-2011-0746.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110407 O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517399/100/0/threaded" - }, - { - "name" : "http://int21.de/cve/CVE-2011-0746-o2-router.html", - "refsource" : "MISC", - "url" : "http://int21.de/cve/CVE-2011-0746-o2-router.html" - }, - { - "name" : "8198", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8198", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8198" + }, + { + "name": "20110407 O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517399/100/0/threaded" + }, + { + "name": "http://int21.de/cve/CVE-2011-0746-o2-router.html", + "refsource": "MISC", + "url": "http://int21.de/cve/CVE-2011-0746-o2-router.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0826.json b/2011/0xxx/CVE-2011-0826.json index b20060ed986..25322a768ae 100644 --- a/2011/0xxx/CVE-2011-0826.json +++ b/2011/0xxx/CVE-2011-0826.json 
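Review bot: The `reference_data` entries in this hunk are emitted in a different order (the SREASON `8198` entry moves from last to first) although no entry is added or removed, and the new file ends without a trailing newline (`\ No newline at end of file`). Combined with the `" : "` to `": "` spacing change, every line of the record is rewritten, so a genuine content change in the same commit cannot be picked out from the diff. Emitting references in a stable order (for example sorted by `refsource`, then `name`) and keeping the final newline would keep later diffs to the lines that really changed. The same reordering appears in the CVE-2011-1774, CVE-2011-2507, CVE-2011-3437, CVE-2011-3507, CVE-2011-4029, CVE-2011-4139 and CVE-2013-1343 hunks.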
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13, 8.9 Bundle #7, 9.0 Bundle #7, and 9.1 Bundle #4 allows remote authenticated users to affect integrity via unknown vectors related to Application Portal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13, 8.9 Bundle #7, 9.0 Bundle #7, and 9.1 Bundle #4 allows remote authenticated users to affect integrity via unknown vectors related to Application Portal." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1774.json b/2011/1xxx/CVE-2011-1774.json index e0afb0000c6..0124d234f5d 100644 --- a/2011/1xxx/CVE-2011-1774.json +++ b/2011/1xxx/CVE-2011-1774.json 
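Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com`, the only value change in a hunk that otherwise alters spacing and indentation. Anyone who attributes or filters records by assigning CNA gets new data here, so this is better carried as its own change than folded into a formatting pass where it is easy to miss. The field also changes in the CVE-2011-1774 and CVE-2011-2507 hunks (to `secalert@redhat.com`), CVE-2011-3437 (`product-security@apple.com`), CVE-2011-3507 (`secalert_us@oracle.com`) and CVE-2013-1343 (`secure@microsoft.com`). The CVE-2011-1774 description is about WebKit in Apple Safari, so the Red Hat assigner there is worth confirming against the CNA's own record before merging.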
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" 
- }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "8481", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8481", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8481" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2507.json b/2011/2xxx/CVE-2011-2507.json index 4ea0280c225..2c9d0e710ea 100644 --- a/2011/2xxx/CVE-2011-2507.json 
+++ b/2011/2xxx/CVE-2011-2507.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110707 phpMyAdmin 3.x Multiple Remote Code Executions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518804/100/0/threaded" - }, - { - "name" : "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/28/2" - }, - { - "name" : "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2011/06/28/6" - }, - { - "name" : "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/28/8" - }, - { - "name" : "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/29/11" - }, - { - "name" : "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html", - "refsource" : "MISC", - "url" : "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html" - }, - { - "name" : "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html", - "refsource" : "MISC", - "url" : "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html" - }, - { - "name" : "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html", - "refsource" : "MISC", - "url" : "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html" - }, - { - "name" : "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt", - "refsource" : "MISC", - "url" : "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt" - }, - { - "name" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php" - }, - { - "name" : "DSA-2286", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2286" - }, - { - "name" : "FEDORA-2011-9144", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html" - }, - { - "name" : "MDVSA-2011:124", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124" - }, - { - "name" : "73613", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/73613" - }, - { - "name" : "45139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45139" - }, - { - "name" : "45292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45292" - }, - { - "name" : "45315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45315" - }, - { - "name" : "8306", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt", + "refsource": "MISC", + "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt" + }, + { + "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/" + }, + { + "name": "45292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45292" + }, + { + "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php" + }, + { + "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8" + }, + { + "name": "MDVSA-2011:124", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124" + }, + { + "name": "8306", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8306" + }, + { + "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff", + "refsource": "CONFIRM", + "url": 
"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff" + }, + { + "name": "45139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45139" + }, + { + "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html", + "refsource": "MISC", + "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html" + }, + { + "name": "DSA-2286", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2286" + }, + { + "name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html", + "refsource": "MISC", + "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html" + }, + { + "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded" + }, + { + "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11" + }, + { + "name": "73613", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73613" + }, + { + "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html", + "refsource": "MISC", + "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html" + }, + { + "name": "45315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45315" + }, + { + "name": "FEDORA-2011-9144", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3437.json b/2011/3xxx/CVE-2011-3437.json index 9fc36bba523..00b5e5b2f8d 100644 --- a/2011/3xxx/CVE-2011-3437.json +++ b/2011/3xxx/CVE-2011-3437.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - }, - { - "name" : "76356", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76356" - }, - { - "name" : "macos-type1-code-exec(70571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76356", + "refsource": "OSVDB", + "url": "http://osvdb.org/76356" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "macos-type1-code-exec(70571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70571" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3507.json b/2011/3xxx/CVE-2011-3507.json index 2bcc5afc160..a4b3ce0abc3 100644 --- a/2011/3xxx/CVE-2011-3507.json +++ b/2011/3xxx/CVE-2011-3507.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50264" - }, - { - "name" : "76478", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76478" - }, - { - "name" : "46526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Communications 
Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "76478", + "refsource": "OSVDB", + "url": "http://osvdb.org/76478" + }, + { + "name": "46526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46526" + }, + { + "name": "50264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50264" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4029.json b/2011/4xxx/CVE-2011-4029.json index 7cc14a33270..b0acc49e263 100644 --- a/2011/4xxx/CVE-2011-4029.json +++ b/2011/4xxx/CVE-2011-4029.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xorg] 20111018 X.Org security advisory: xserver locking code issues", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg/2011-October/053680.html" - }, - { - "name" : "http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4" - }, - { - "name" : "RHSA-2012:0939", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0939.html" - }, - { - "name" : "46460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46460" 
- }, - { - "name" : "49579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[xorg] 20111018 X.Org security advisory: xserver locking code issues", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg/2011-October/053680.html" + }, + { + "name": "http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4" + }, + { + "name": "46460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46460" + }, + { + "name": "RHSA-2012:0939", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0939.html" + }, + { + "name": "49579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49579" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4139.json b/2011/4xxx/CVE-2011-4139.json index 3002e547598..c8e8d5c7dd0 100644 --- a/2011/4xxx/CVE-2011-4139.json +++ b/2011/4xxx/CVE-2011-4139.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/09/11/1" - }, - { - "name" : "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/09/13/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=737366", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=737366" - }, - { - "name" : "https://www.djangoproject.com/weblog/2011/sep/09/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2011/sep/09/" - }, - { 
- "name" : "https://www.djangoproject.com/weblog/2011/sep/10/127/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2011/sep/10/127/" - }, - { - "name" : "DSA-2332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2332" - }, - { - "name" : "openSUSE-SU-2012:0653", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/14700881" - }, - { - "name" : "46614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0653", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/14700881" + }, + { + "name": "DSA-2332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2332" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=737366", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366" + }, + { + "name": "46614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46614" + }, + { + "name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/09/11/1" + }, + { + "name": "https://www.djangoproject.com/weblog/2011/sep/10/127/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/" + }, + { + "name": "[oss-security] 20110913 Re: CVE Request -- Django: 
v1.3.1, v1.2.7 multiple security flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/09/13/2" + }, + { + "name": "https://www.djangoproject.com/weblog/2011/sep/09/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2011/sep/09/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4389.json b/2011/4xxx/CVE-2011-4389.json index e665c22c831..ae7ef0c50f7 100644 --- a/2011/4xxx/CVE-2011-4389.json +++ b/2011/4xxx/CVE-2011-4389.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4389", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4389", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1343.json b/2013/1xxx/CVE-2013-1343.json index d014796700f..a5ba5cd59de 100644 --- a/2013/1xxx/CVE-2013-1343.json +++ b/2013/1xxx/CVE-2013-1343.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability,\" a different vulnerability than CVE-2013-1342, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-076", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076" - }, - { - "name" : "TA13-253A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" - }, - { - "name" : "oval:org.mitre.oval:def:18551", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka \"Win32k Multiple Fetch Vulnerability,\" a different vulnerability than CVE-2013-1342, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18551", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18551" + }, + { + "name": "MS13-076", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-076" + }, + { + "name": "TA13-253A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1677.json b/2013/1xxx/CVE-2013-1677.json index 50189fa2ef0..dd8bccf4d0c 100644 --- a/2013/1xxx/CVE-2013-1677.json +++ b/2013/1xxx/CVE-2013-1677.json 
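Review bot: The `ASSIGNER` value in the CVE-2013-1343 hunk changes from `cve@mitre.org` to `secure@microsoft.com`, while every other line of that hunk is either a spacing change (`"key" : value` to `"key": value`) or a reordering of the `reference_data` entries, so the one provenance change is easy to miss in review. The same pattern appears in the hunks for CVE-2013-1677 (`security@mozilla.org`) and CVE-2013-5387 (`psirt@us.ibm.com`). Any consumer that attributes or filters records by assigning CNA will see these three records change owner, so I would land the `"ASSIGNER": "secure@microsoft.com"` line and its two counterparts in a separate commit that names the reassignment, and keep this one to formatting. The new side of each file also ends with `\ No newline at end of file` where the old side did not, which looks unintended and is worth restoring.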
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826163", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=826163" - }, - { - "name" : "DSA-2699", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2699" - }, - { - "name" : "MDVSA-2013:165", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" - }, - { - "name" : 
"RHSA-2013:0820", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0820.html" - }, - { - "name" : "RHSA-2013:0821", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0821.html" - }, - { - "name" : "openSUSE-SU-2013:0831", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" - }, - { - "name" : "openSUSE-SU-2013:0834", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" - }, - { - "name" : "openSUSE-SU-2013:0825", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0929", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:0946", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" - }, - { - "name" : "USN-1822-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1822-1" - }, - { - "name" : "USN-1823-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1823-1" - }, - { - "name" : "59868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59868" - }, - { - "name" : "oval:org.mitre.oval:def:16979", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=826163", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=826163" + }, + { + "name": "DSA-2699", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2699" + }, + { + "name": "MDVSA-2013:165", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" + }, + { + "name": "openSUSE-SU-2013:0825", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" + }, + { + "name": "USN-1823-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1823-1" + }, + { + "name": "oval:org.mitre.oval:def:16979", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16979" + }, + { + "name": "RHSA-2013:0821", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html" + }, + { + "name": "openSUSE-SU-2013:0929", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" + }, + { + "name": "openSUSE-SU-2013:0831", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" + }, + { + "name": "RHSA-2013:0820", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html" + }, + { + "name": "openSUSE-SU-2013:0834", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" + }, + { + "name": "openSUSE-SU-2013:0946", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" + }, + { + "name": "USN-1822-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1822-1" + }, + { + 
"name": "59868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59868" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-48.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5002.json b/2013/5xxx/CVE-2013-5002.json index 507dd58c22f..fc76683a390 100644 --- a/2013/5xxx/CVE-2013-5002.json +++ b/2013/5xxx/CVE-2013-5002.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php" - }, - { - "name" : "61516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61516" - }, - { - "name" : "59832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in 
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59832" + }, + { + "name": "61516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61516" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5194.json b/2013/5xxx/CVE-2013-5194.json index a43e0d3729a..ebbe4803595 100644 --- a/2013/5xxx/CVE-2013-5194.json +++ b/2013/5xxx/CVE-2013-5194.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5241.json b/2013/5xxx/CVE-2013-5241.json index 04a27c774dd..0873e52075f 100644 --- a/2013/5xxx/CVE-2013-5241.json +++ b/2013/5xxx/CVE-2013-5241.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5241", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5241", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5275.json b/2013/5xxx/CVE-2013-5275.json index da6df43c7e6..caf86d75d55 100644 --- a/2013/5xxx/CVE-2013-5275.json +++ b/2013/5xxx/CVE-2013-5275.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5339.json b/2013/5xxx/CVE-2013-5339.json index 37ab9b76ae5..3e9c0b9c757 100644 --- a/2013/5xxx/CVE-2013-5339.json +++ b/2013/5xxx/CVE-2013-5339.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5339", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5339", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5387.json b/2013/5xxx/CVE-2013-5387.json index ede4f98a84f..bd5924d8386 100644 --- a/2013/5xxx/CVE-2013-5387.json +++ b/2013/5xxx/CVE-2013-5387.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020072", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020072" - }, - { - "name" : "63517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63517" - }, - { - "name" : "platformsymphony-cve20135387-bo(87109)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or 
hang) via a malformed SOAP request with a large amount of request data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "platformsymphony-cve20135387-bo(87109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87109" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020072", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020072" + }, + { + "name": "63517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63517" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2014.json b/2014/2xxx/CVE-2014-2014.json index 8e7e4c8acf6..28b36d671b9 100644 --- a/2014/2xxx/CVE-2014-2014.json +++ b/2014/2xxx/CVE-2014-2014.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[imapsync_list] 20140120 Re: [imapsync] STARTTLS support (#15)", - "refsource" : "MLIST", - "url" : "http://www.linux-france.org/prj/imapsync_list/msg01907.html" - }, - { - "name" : "[imapsync_list] 20140122 Re: [imapsync] Upon certificate issues STARTTLS is ignored and the password sent in plaintext (#15)", - "refsource" : "MLIST", - "url" : "http://www.linux-france.org/prj/imapsync_list/msg01910.html" - }, - { - "name" : "[oss-security] 20140217 CVE request: \"imapsync ignores the --tls switch and sends my authentication plaintext.\"", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/367" - }, - { - "name" : "[oss-security] 20140218 Re: CVE request: \"imapsync ignores the --tls 
switch and sends my authentication plaintext.\"", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/378" - }, - { - "name" : "https://bugs.mageia.org/show_bug.cgi?id=12770", - "refsource" : "CONFIRM", - "url" : "https://bugs.mageia.org/show_bug.cgi?id=12770" - }, - { - "name" : "https://github.com/imapsync/imapsync/issues/15", - "refsource" : "CONFIRM", - "url" : "https://github.com/imapsync/imapsync/issues/15" - }, - { - "name" : "FEDORA-2014-2505", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html" - }, - { - "name" : "MDVSA-2014:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140218 Re: CVE request: \"imapsync ignores the --tls switch and sends my authentication plaintext.\"", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/378" + }, + { + "name": "[oss-security] 20140217 CVE request: \"imapsync ignores the --tls switch and sends my authentication plaintext.\"", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/367" + }, + { + "name": "FEDORA-2014-2505", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html" + }, + { + "name": "[imapsync_list] 20140122 Re: [imapsync] Upon certificate issues STARTTLS is ignored and the password sent in plaintext (#15)", + "refsource": "MLIST", + "url": "http://www.linux-france.org/prj/imapsync_list/msg01910.html" + }, + { + "name": "[imapsync_list] 20140120 Re: [imapsync] STARTTLS support (#15)", + "refsource": "MLIST", + "url": "http://www.linux-france.org/prj/imapsync_list/msg01907.html" + }, + { + "name": "https://github.com/imapsync/imapsync/issues/15", + "refsource": "CONFIRM", + "url": "https://github.com/imapsync/imapsync/issues/15" + }, + { + "name": "https://bugs.mageia.org/show_bug.cgi?id=12770", + "refsource": "CONFIRM", + "url": "https://bugs.mageia.org/show_bug.cgi?id=12770" + }, + { + "name": "MDVSA-2014:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:060" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2024.json b/2014/2xxx/CVE-2014-2024.json index be3b1699977..4371c4a5c62 100644 --- a/2014/2xxx/CVE-2014-2024.json +++ b/2014/2xxx/CVE-2014-2024.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140312 Cross-Site Scripting (XSS) in Open Classifieds", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531428/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23204", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23204" - }, - { - "name" : "https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9", - "refsource" : "CONFIRM", - "url" : "https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9" - }, - { - "name" : "https://github.com/open-classifieds/openclassifieds2/issues/556", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/open-classifieds/openclassifieds2/issues/556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/open-classifieds/openclassifieds2/issues/556", + "refsource": "CONFIRM", + "url": "https://github.com/open-classifieds/openclassifieds2/issues/556" + }, + { + "name": "20140312 Cross-Site Scripting (XSS) in Open Classifieds", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531428/100/0/threaded" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23204", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23204" + }, + { + "name": "https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9", + "refsource": "CONFIRM", + "url": "https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2077.json b/2014/2xxx/CVE-2014-2077.json index 30aac90cb62..ad496070782 100644 --- a/2014/2xxx/CVE-2014-2077.json +++ b/2014/2xxx/CVE-2014-2077.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria \"tags\" for screenreaders at the top bar'." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140317 Open-Xchange Security Advisory 2014-03-17", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" - }, - { - "name" : "57290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or 
HTML via the subject of an email, involving 'the aria \"tags\" for screenreaders at the top bar'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57290" + }, + { + "name": "20140317 Open-Xchange Security Advisory 2014-03-17", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2085.json b/2014/2xxx/CVE-2014-2085.json index 962526d28d9..7de21b3115c 100644 --- a/2014/2xxx/CVE-2014-2085.json +++ b/2014/2xxx/CVE-2014-2085.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2085", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2084. Reason: This issue was MERGED into CVE-2014-2084 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-2084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2085", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2084. Reason: This issue was MERGED into CVE-2014-2084 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-2084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2238.json b/2014/2xxx/CVE-2014-2238.json index faa338b1bba..23f6ec69c90 100644 --- a/2014/2xxx/CVE-2014-2238.json +++ b/2014/2xxx/CVE-2014-2238.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/456" - }, - { - "name" : "[oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/490" - }, - { - "name" : "http://mantisbt.domainunion.de/bugs/view.php?id=17055", - "refsource" : "CONFIRM", - "url" : "http://mantisbt.domainunion.de/bugs/view.php?id=17055" - }, - { - "name" : "http://www.mantisbt.org/blog/?p=288", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/blog/?p=288" - }, - { - "name" : "65903", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/65903" - }, - { - "name" : "mantisbt-admconfigreport-sql-injection(91563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/456" + }, + { + "name": "[oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/490" + }, + { + "name": "65903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65903" + }, + { + "name": "http://mantisbt.domainunion.de/bugs/view.php?id=17055", + "refsource": "CONFIRM", + "url": "http://mantisbt.domainunion.de/bugs/view.php?id=17055" + }, + { + "name": "http://www.mantisbt.org/blog/?p=288", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/blog/?p=288" + }, + { + "name": "mantisbt-admconfigreport-sql-injection(91563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91563" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2300.json b/2014/2xxx/CVE-2014-2300.json index c52fd8a5c47..364c22b2601 100644 --- a/2014/2xxx/CVE-2014-2300.json +++ b/2014/2xxx/CVE-2014-2300.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2410.json b/2014/2xxx/CVE-2014-2410.json index 0335dc3205d..e915cefb0d6 100644 --- a/2014/2xxx/CVE-2014-2410.json +++ b/2014/2xxx/CVE-2014-2410.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "66886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 
JavaFX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66886" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6021.json b/2014/6xxx/CVE-2014-6021.json index 0564502badd..154e8d3f778 100644 --- a/2014/6xxx/CVE-2014-6021.json +++ b/2014/6xxx/CVE-2014-6021.json 
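Review bot: The `ASSIGNER` value in the CVE-2014-2410 hunk changes from `cve@mitre.org` to `secalert_us@oracle.com`, while every other line of the hunk is only re-indented or reordered, so the one change of substance is easy to miss. Tooling that attributes or filters records by assigner may produce different results after this commit. The line `"ASSIGNER": "secalert_us@oracle.com"` would be easier to audit in a commit of its own, or at least named in the commit message, separate from the whitespace rewrite. The hunks for CVE-2014-6021, CVE-2014-6652, CVE-2014-6692, CVE-2014-6731, CVE-2014-6964 and CVE-2014-7543 make the same kind of change with `cert@cert.org`.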
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#239385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/239385" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Harley-Davidson Visa 
(aka com.usbank.icsmobile.harleydavidson) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#239385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/239385" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6045.json b/2014/6xxx/CVE-2014-6045.json index 4c9d597c57f..84cba2b5c94 100644 --- a/2014/6xxx/CVE-2014-6045.json +++ b/2014/6xxx/CVE-2014-6045.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://techdefencelabs.com/security-advisories.html", - "refsource" : "MISC", - "url" : "http://techdefencelabs.com/security-advisories.html" - }, - { - "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://techdefencelabs.com/security-advisories.html", + "refsource": "MISC", + "url": "http://techdefencelabs.com/security-advisories.html" + }, + { + "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", + "refsource": "CONFIRM", + "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6652.json b/2014/6xxx/CVE-2014-6652.json index a2f946775d6..2116868842c 100644 --- a/2014/6xxx/CVE-2014-6652.json +++ b/2014/6xxx/CVE-2014-6652.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#215185", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/215185" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wizaz Forum (aka 
com.tapatalk.wizazplforum) application 3.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#215185", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/215185" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6692.json b/2014/6xxx/CVE-2014-6692.json index bdc7ba73fc5..a92d56b46f3 100644 --- a/2014/6xxx/CVE-2014-6692.json +++ b/2014/6xxx/CVE-2014-6692.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#453929", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/453929" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kingsoft Clip (Office Tool) (aka 
cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#453929", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/453929" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6731.json b/2014/6xxx/CVE-2014-6731.json index 32dd1b21956..6fe53ea827b 100644 --- a/2014/6xxx/CVE-2014-6731.json +++ b/2014/6xxx/CVE-2014-6731.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#367337", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/367337" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Alfa-Bank (aka 
ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#367337", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/367337" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6964.json b/2014/6xxx/CVE-2014-6964.json index dd3db7f0e3c..4803d165392 100644 --- a/2014/6xxx/CVE-2014-6964.json +++ b/2014/6xxx/CVE-2014-6964.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hanyang University Admissions (aka kr.ac.hanyang.planner) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#589273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/589273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hanyang University 
Admissions (aka kr.ac.hanyang.planner) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#589273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/589273" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7543.json b/2014/7xxx/CVE-2014-7543.json index 0edc3e0da9c..4c059ac43b1 100644 --- a/2014/7xxx/CVE-2014-7543.json +++ b/2014/7xxx/CVE-2014-7543.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Blood (aka com.sheridan.ash) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#724969", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/724969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Blood (aka com.sheridan.ash) application 2.1 for Android 
does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#724969", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/724969" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7586.json b/2014/7xxx/CVE-2014-7586.json index 9888f8c11e4..65fca892010 100644 --- a/2014/7xxx/CVE-2014-7586.json +++ b/2014/7xxx/CVE-2014-7586.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7586", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7586", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0290.json b/2017/0xxx/CVE-2017-0290.json index 6b5ab58265e..eeb654b7a61 100644 --- a/2017/0xxx/CVE-2017-0290.json +++ b/2017/0xxx/CVE-2017-0290.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Malware Protection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Malware Protection Engine", + "version": { + "version_data": [ + { + "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + 
"vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41975", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41975/" - }, - { - "name" : "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/", - "refsource" : "MISC", - "url" : "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252" - }, - { - "name" : "https://twitter.com/natashenka/status/861748397409058816", - "refsource" : "MISC", - "url" : "https://twitter.com/natashenka/status/861748397409058816" - }, - { - "name" : "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html", - "refsource" : "MISC", - "url" : "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html" - }, - { - "name" : "https://technet.microsoft.com/library/security/4022344", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/library/security/4022344" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290" - }, - { - "name" : "98330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98330" - }, - { - "name" : "1038419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038419" - }, - { - "name" : "1038420", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Malware Protection Engine running on Microsoft 
Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/", + "refsource": "MISC", + "url": "https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1252" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0290" + }, + { + "name": "1038420", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038420" + }, + { + "name": "41975", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41975/" + }, + { + "name": "1038419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038419" + }, + { + "name": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html", + "refsource": "MISC", + "url": "https://0patch.blogspot.si/2017/05/0patching-worst-windows-remote-code.html" + }, + { + "name": "https://twitter.com/natashenka/status/861748397409058816", + "refsource": "MISC", + "url": "https://twitter.com/natashenka/status/861748397409058816" + }, + { + "name": 
"https://technet.microsoft.com/library/security/4022344", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/library/security/4022344" + }, + { + "name": "98330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98330" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0566.json b/2017/0xxx/CVE-2017-0566.json index 78efd1212a1..faa28c67266 100644 --- a/2017/0xxx/CVE-2017-0566.json +++ b/2017/0xxx/CVE-2017-0566.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97351" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97351" + }, + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0644.json b/2017/0xxx/CVE-2017-0644.json index 60592ae3ddb..6cf8b9922c7 100644 --- a/2017/0xxx/CVE-2017-0644.json +++ b/2017/0xxx/CVE-2017-0644.json 
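Review bot: The new side changes `"ASSIGNER"` from `security@google.com` to `security@android.com`, while every other difference in this hunk is spacing around the colons or the order of the `reference_data` entries, so the one change to the record's content is easy to overlook. `"vendor_name": "Google Inc."` is left as it was, so the assigner address and the vendor name no longer share a domain; that may be intended, but consumers that attribute records by `ASSIGNER` will see these entries move. The same substitution appears in the CVE-2017-0644, CVE-2017-0645 and CVE-2017-0647 hunks. I would land the assigner change separately from the formatting pass, or state it in the commit description, so it can be reviewed and reverted on its own.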
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98868" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98868" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0645.json b/2017/0xxx/CVE-2017-0645.json index 2a81697a93f..dc9bfd1dc13 100644 --- a/2017/0xxx/CVE-2017-0645.json +++ b/2017/0xxx/CVE-2017-0645.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98871" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98871" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0647.json b/2017/0xxx/CVE-2017-0647.json index b50aaa344c6..3460f7a7d4d 100644 --- a/2017/0xxx/CVE-2017-0647.json +++ b/2017/0xxx/CVE-2017-0647.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98877" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98877" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0953.json b/2017/0xxx/CVE-2017-0953.json index 1154993b07b..39f6e62d7c3 100644 --- a/2017/0xxx/CVE-2017-0953.json +++ b/2017/0xxx/CVE-2017-0953.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0953", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0953", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0964.json b/2017/0xxx/CVE-2017-0964.json index a880a1ef4eb..f685f270c02 100644 --- a/2017/0xxx/CVE-2017-0964.json +++ b/2017/0xxx/CVE-2017-0964.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0964", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0964", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000188.json b/2017/1000xxx/CVE-2017-1000188.json index bf54f3973de..a36f812d199 100644 --- a/2017/1000xxx/CVE-2017-1000188.json +++ b/2017/1000xxx/CVE-2017-1000188.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.410819", - "ID" : "CVE-2017-1000188", - "REQUESTER" : "anemec@redhat.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ejs", - "version" : { - "version_data" : [ - { - "version_value" : "<2.5.5" - } - ] - } - } - ] - }, - "vendor_name" : "ejs" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.410819", + "ID": "CVE-2017-1000188", + "REQUESTER": "anemec@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f", - "refsource" : "MISC", - "url" : "https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f" - }, - { - "name" : "101889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() 
resulting in code injection" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f", + "refsource": "MISC", + "url": "https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f" + }, + { + "name": "101889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101889" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000209.json b/2017/1000xxx/CVE-2017-1000209.json index d27b820b5f1..2d8ed4b411a 100644 --- a/2017/1000xxx/CVE-2017-1000209.json +++ b/2017/1000xxx/CVE-2017-1000209.json 
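Review bot: The rewritten `affects` block replaces `"product_name": "ejs"`, `"version_value": "<2.5.5"` and `"vendor_name": "ejs"` with `"n/a"`, and `problemtype` loses `"Cross Site Scripting (XSS)"` the same way, so the affected product and version boundary now survive only in the free-text description. Tooling that matches records on the structured product, version or problem-type fields will stop associating this entry with ejs. If the reset is a side effect of the reformat rather than a deliberate decision, the original values should be kept, e.g. `"product_name": "ejs"` and `"version_value": "<2.5.5"`. The CVE-2017-1000209 and CVE-2017-1000230 hunks drop their product, vendor, version and problem-type values in the same way. All three also change `"ASSIGNER"` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`, which deserves a mention in the commit description because it sits inside what otherwise reads as a whitespace change.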
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.438874", - "ID" : "CVE-2017-1000209", - "REQUESTER" : "bjorn.lunden@2secure.se", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nv-websocket-client", - "version" : { - "version_data" : [ - { - "version_value" : "2.0 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Neo Visionaries Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing SSL certification hostname verification" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.438874", + "ID": "CVE-2017-1000209", + "REQUESTER": "bjorn.lunden@2secure.se", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TakahikoKawasaki/nv-websocket-client/pull/107", - "refsource" : "CONFIRM", - "url" : "https://github.com/TakahikoKawasaki/nv-websocket-client/pull/107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TakahikoKawasaki/nv-websocket-client/pull/107", + "refsource": "CONFIRM", + "url": "https://github.com/TakahikoKawasaki/nv-websocket-client/pull/107" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000230.json b/2017/1000xxx/CVE-2017-1000230.json index 49ed9b92f2a..2ac9270cf61 100644 --- a/2017/1000xxx/CVE-2017-1000230.json +++ b/2017/1000xxx/CVE-2017-1000230.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.459114", - "ID" : "CVE-2017-1000230", - "REQUESTER" : "martin.tenek@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Step7 Open Source Ethernet Communication Suite", - "version" : { - "version_data" : [ - { - "version_value" : "1.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Snap7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Null Pointer Exception" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.459114", + "ID": "CVE-2017-1000230", + "REQUESTER": "martin.tenek@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Snap7 Server version 1.4.1 can be crashed when the ItemCount field 
of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/snap7/discussion/bugfix/thread/2d2d085c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1473.json b/2017/1xxx/CVE-2017-1473.json index e5b0f992344..ec6784af75e 100644 --- a/2017/1xxx/CVE-2017-1473.json +++ b/2017/1xxx/CVE-2017-1473.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-16T00:00:00", - "ID" : "CVE-2017-1473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "8.0.0" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.0.1.4" - }, - { - "version_value" : "9.0.0" - }, - { - "version_value" : "9.0.1.0" - }, - { - "version_value" : "9.0.2.0" - }, - { - "version_value" : "8.0.1.5" - }, - { - "version_value" : "9.0.2.1" - }, - { - "version_value" : "9.0.3" - }, - { - "version_value" : "9.0.3.1" - }, - { - "version_value" : "8.0.1.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-16T00:00:00", + "ID": "CVE-2017-1473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Access Manager", + "version": { + "version_data": [ + { + "version_value": "9.0.0.1" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.0.1.4" + }, + { + "version_value": "9.0.0" + }, + { + "version_value": "9.0.1.0" + }, + { + "version_value": "9.0.2.0" + }, + { + "version_value": "8.0.1.5" + }, + { + "version_value": "9.0.2.1" + }, + { + "version_value": "9.0.3" + }, + { + "version_value": "9.0.3.1" + }, + { + "version_value": "8.0.1.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012268", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012268" - }, - { - "name" : "ibm-sam-cve20171473-info-disc(128605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 
IBM X-Force ID: 128605." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sam-cve20171473-info-disc(128605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012268", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012268" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1554.json b/2017/1xxx/CVE-2017-1554.json index 91f97377eeb..711ecaace47 100644 --- a/2017/1xxx/CVE-2017-1554.json +++ b/2017/1xxx/CVE-2017-1554.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-10-25T00:00:00", - "ID" : "CVE-2017-1554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigInsights", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.0" - }, - { - "version_value" : "4.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-10-25T00:00:00", + "ID": "CVE-2017-1554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigInsights", + "version": { + "version_data": [ + { + "version_value": "4.2.0" + }, + { + "version_value": "4.2.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131398", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131398" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009192", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192" - }, - { - "name" : "101588", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/101588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009192", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009192" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131398", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131398" + }, + { + "name": "101588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101588" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1570.json b/2017/1xxx/CVE-2017-1570.json index 200c617df72..704f47739d6 100644 --- a/2017/1xxx/CVE-2017-1570.json +++ b/2017/1xxx/CVE-2017-1570.json 
@@ -1,118 +1,118 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2017-11-16T00:00:00",
- "ID" : "CVE-2017-1570",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Rational Collaborative Lifecycle Management",
- "version" : {
- "version_data" : [
- {
- "version_value" : "4.0"
- },
- {
- "version_value" : "4.0.1"
- },
- {
- "version_value" : "4.0.2"
- },
- {
- "version_value" : "4.0.3"
- },
- {
- "version_value" : "4.0.4"
- },
- {
- "version_value" : "4.0.5"
- },
- {
- "version_value" : "4.0.6"
- },
- {
- "version_value" : "5.0"
- },
- {
- "version_value" : "4.0.7"
- },
- {
- "version_value" : "5.0.1"
- },
- {
- "version_value" : "5.0.2"
- },
- {
- "version_value" : "6.0"
- },
- {
- "version_value" : "6.0.1"
- },
- {
- "version_value" : "6.0.2"
- },
- {
- "version_value" : "6.0.3"
- },
- {
- "version_value" : "6.0.4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Obtain Information"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2017-11-16T00:00:00",
+ "ID": "CVE-2017-1570",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rational Collaborative Lifecycle Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.0"
+ },
+ {
+ "version_value": "4.0.1"
+ },
+ {
+ "version_value": "4.0.2"
+ },
+ {
+ "version_value": "4.0.3"
+ },
+ {
+ "version_value": "4.0.4"
+ },
+ {
+ "version_value": "4.0.5"
+ },
+ {
+ "version_value": "4.0.6"
+ },
+ {
+ "version_value": "5.0"
+ },
+ {
+ "version_value": "4.0.7"
+ },
+ {
+ "version_value": "5.0.1"
+ },
+ {
+ "version_value": "5.0.2"
+ },
+ {
+ "version_value": "6.0"
+ },
+ {
+ "version_value": "6.0.1"
+ },
+ {
+ "version_value": "6.0.2"
+ },
+ {
+ "version_value": "6.0.3"
+ },
+ {
+ "version_value": "6.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852",
- "refsource" : "MISC",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852"
- },
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010512",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010512"
- },
- {
- "name" : "102020",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102020"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "102020",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102020"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg22010512",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg22010512"
+ },
+ {
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852",
+ "refsource": "MISC",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131852"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1729.json b/2017/1xxx/CVE-2017-1729.json
index 60e6add6b81..410054bad4d 100644
--- a/2017/1xxx/CVE-2017-1729.json
+++ b/2017/1xxx/CVE-2017-1729.json
@@ -1,112 +1,112 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-07-06T00:00:00",
- "ID" : "CVE-2017-1729",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Rational Quality Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "5.0"
- },
- {
- "version_value" : "5.0.1"
- },
- {
- "version_value" : "5.0.2"
- },
- {
- "version_value" : "6.0"
- },
- {
- "version_value" : "6.0.1"
- },
- {
- "version_value" : "6.0.2"
- },
- {
- "version_value" : "6.0.3"
- },
- {
- "version_value" : "6.0.4"
- },
- {
- "version_value" : "6.0.5"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134909."
- }
- ]
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "A" : "N",
- "AC" : "L",
- "AV" : "N",
- "C" : "L",
- "I" : "L",
- "PR" : "L",
- "S" : "C",
- "SCORE" : "5.400",
- "UI" : "R"
- },
- "TM" : {
- "E" : "H",
- "RC" : "C",
- "RL" : "O"
- }
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross-Site Scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2018-07-06T00:00:00",
+ "ID": "CVE-2017-1729",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Rational Quality Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.0"
+ },
+ {
+ "version_value": "5.0.1"
+ },
+ {
+ "version_value": "5.0.2"
+ },
+ {
+ "version_value": "6.0"
+ },
+ {
+ "version_value": "6.0.1"
+ },
+ {
+ "version_value": "6.0.2"
+ },
+ {
+ "version_value": "6.0.3"
+ },
+ {
+ "version_value": "6.0.4"
+ },
+ {
+ "version_value": "6.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716607",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716607"
- },
- {
- "name" : "ibm-rqm-cve20171729-xss(134909)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134909"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134909."
+ }
+ ]
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "A": "N",
+ "AC": "L",
+ "AV": "N",
+ "C": "L",
+ "I": "L",
+ "PR": "L",
+ "S": "C",
+ "SCORE": "5.400",
+ "UI": "R"
+ },
+ "TM": {
+ "E": "H",
+ "RC": "C",
+ "RL": "O"
+ }
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ibm-rqm-cve20171729-xss(134909)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134909"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716607",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716607"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4953.json b/2017/4xxx/CVE-2017-4953.json
index 398c577bc37..1c1edf269fa 100644
--- a/2017/4xxx/CVE-2017-4953.json
+++ b/2017/4xxx/CVE-2017-4953.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4953",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-4953",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4975.json b/2017/4xxx/CVE-2017-4975.json
index 9953304085b..17db36b6857 100644
--- a/2017/4xxx/CVE-2017-4975.json
+++ b/2017/4xxx/CVE-2017-4975.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security_alert@emc.com",
- "ID" : "CVE-2017-4975",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "PCF Tile Generator",
- "version" : {
- "version_data" : [
- {
- "version_value" : "PCF Tile Generator"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Tile generator sets open security groups"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "ID": "CVE-2017-4975",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PCF Tile Generator",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PCF Tile Generator"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://pivotal.io/security/cve-2017-4975",
- "refsource" : "CONFIRM",
- "url" : "https://pivotal.io/security/cve-2017-4975"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Tile generator sets open security groups"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://pivotal.io/security/cve-2017-4975",
+ "refsource": "CONFIRM",
+ "url": "https://pivotal.io/security/cve-2017-4975"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5034.json b/2017/5xxx/CVE-2017-5034.json
index 3e11778e01e..e77a7d5e392 100644
--- a/2017/5xxx/CVE-2017-5034.json
+++ b/2017/5xxx/CVE-2017-5034.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.98 for Linux and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.98 for Linux and Windows" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.98 for Linux and Windows", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.98 for Linux and Windows" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/678461", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/678461" - }, - { - "name" : "DSA-3810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3810" - }, - { - "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" - }, - { - "name" : "96767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "DSA-3810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3810" + }, + { + "name": "96767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96767" + }, + { + "name": "https://crbug.com/678461", + "refsource": "CONFIRM", + "url": "https://crbug.com/678461" + }, + { + "name": "RHSA-2017:0499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5785.json b/2017/5xxx/CVE-2017-5785.json index f3ce3db1838..5a44d8f6a66 100644 --- a/2017/5xxx/CVE-2017-5785.json +++ b/2017/5xxx/CVE-2017-5785.json 
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-02-03T00:00:00",
- "ID" : "CVE-2017-5785",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Matrix Operating Environment",
- "version" : {
- "version_data" : [
- {
- "version_value" : "v7.6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "remote Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-02-03T00:00:00",
+ "ID": "CVE-2017-5785",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Matrix Operating Environment",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v7.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680"
+ }
+ ]
+ }
+}
\ No newline at end of file